| Message ID | 20240208084512.3803250-7-lee@kernel.org (mailing list archive) |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | scsi: Replace {v}snprintf() variants with safer alternatives | expand |
On Thu, Feb 08, 2024 at 08:44:18AM +0000, Lee Jones wrote: > There is a general misunderstanding amongst engineers that {v}snprintf() > returns the length of the data *actually* encoded into the destination > array. However, as per the C99 standard {v}snprintf() really returns > the length of the data that *would have been* written if there were > enough space for it. This misunderstanding has led to buffer-overruns > in the past. It's generally considered safer to use the {v}scnprintf() > variants in their place (or even sprintf() in simple cases). So let's > do that. It may be better to do a global replace of snprintf() where the return value is not used. $ git grep '\bsnprintf\b' | grep -v = | wc -l 6400 There's plenty of work to do to remove just the ones taking the result: $ git grep ' = snprintf\b' | wc -l 764 Regardless, Reviewed-by: Kees Cook <keescook@chromium.org> -Kees > > Link: https://lwn.net/Articles/69419/ > Link: https://github.com/KSPP/linux/issues/105 > Signed-off-by: Lee Jones <lee@kernel.org> > --- > Cc: "James E.J. Bottomley" <jejb@linux.ibm.com> > Cc: "Martin K. Petersen" <martin.petersen@oracle.com> > Cc: linux-scsi@vger.kernel.org > --- > drivers/scsi/aha1542.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/scsi/aha1542.c b/drivers/scsi/aha1542.c > index 9503996c63256..b5ec7887801a5 100644 > --- a/drivers/scsi/aha1542.c > +++ b/drivers/scsi/aha1542.c > @@ -772,7 +772,7 @@ static struct Scsi_Host *aha1542_hw_init(const struct scsi_host_template *tpnt, > goto unregister; > > if (sh->dma_channel != 0xFF) > - snprintf(dma_info, sizeof(dma_info), "DMA %d", sh->dma_channel); > + scnprintf(dma_info, sizeof(dma_info), "DMA %d", sh->dma_channel); > shost_printk(KERN_INFO, sh, "Adaptec AHA-1542 (SCSI-ID %d) at IO 0x%x, IRQ %d, %s\n", > sh->this_id, base_io, sh->irq, dma_info); > if (aha1542->bios_translation == BIOS_TRANSLATION_25563) > -- > 2.43.0.594.gd9cf4e227d-goog > >
diff --git a/drivers/scsi/aha1542.c b/drivers/scsi/aha1542.c index 9503996c63256..b5ec7887801a5 100644 --- a/drivers/scsi/aha1542.c +++ b/drivers/scsi/aha1542.c @@ -772,7 +772,7 @@ static struct Scsi_Host *aha1542_hw_init(const struct scsi_host_template *tpnt, goto unregister; if (sh->dma_channel != 0xFF) - snprintf(dma_info, sizeof(dma_info), "DMA %d", sh->dma_channel); + scnprintf(dma_info, sizeof(dma_info), "DMA %d", sh->dma_channel); shost_printk(KERN_INFO, sh, "Adaptec AHA-1542 (SCSI-ID %d) at IO 0x%x, IRQ %d, %s\n", sh->this_id, base_io, sh->irq, dma_info); if (aha1542->bios_translation == BIOS_TRANSLATION_25563)
There is a general misunderstanding amongst engineers that {v}snprintf() returns the length of the data *actually* encoded into the destination array. However, as per the C99 standard {v}snprintf() really returns the length of the data that *would have been* written if there were enough space for it. This misunderstanding has led to buffer-overruns in the past. It's generally considered safer to use the {v}scnprintf() variants in their place (or even sprintf() in simple cases). So let's do that. Link: https://lwn.net/Articles/69419/ Link: https://github.com/KSPP/linux/issues/105 Signed-off-by: Lee Jones <lee@kernel.org> --- Cc: "James E.J. Bottomley" <jejb@linux.ibm.com> Cc: "Martin K. Petersen" <martin.petersen@oracle.com> Cc: linux-scsi@vger.kernel.org --- drivers/scsi/aha1542.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)